o RAONWIZ Co.,Ltd released security update to address arbitrary remote code execution vulnerability in DEXT5 Upload ActiveX module.(file transfer solution)
|Download of code without
|arbitrary remote code
o DEXT5 Upload 126.96.36.199 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting
the argument, variable in the activeX module. This can be leveraged for code execution.
□ Affected Product
|dext5.ocx(DEXT5 Upload Control)
o Update the program over RAONWIZ DEXT5 Upload 188.8.131.52 version or higher.
o Thanks to Dong-Hyeon Yu for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀